I'm trying to loop through records of class numbers and then query supplies from another recordset using MySQL and PHP
Problem description:
I have these recordsets where I fake $_POST between the queries so that a value from the first query is used to get values from the second query. This way I only get the first row of many. I have tried a foreach loop between the queries and failed... I'm trying to loop through records of class numbers and then query supplies from another recordset using MySQL and PHP.
How do I loop through the first recordset for as many rows as it returns? .... Code:
$maxRows_rs_all_classes = 50;
$pageNum_rs_all_classes = 0;
if (isset($_GET['pageNum_rs_all_classes'])) {
$pageNum_rs_all_classes = $_GET['pageNum_rs_all_classes'];
}
$startRow_rs_all_classes = $pageNum_rs_all_classes * $maxRows_rs_all_classes;
mysql_select_db($database_conn_studiogear_mgr, $conn_studiogear_mgr);
$query_rs_all_classes = "SELECT sg_class_desc.class_image,
sg_class_desc.class_location,
sg_classes.class_name,
sg_class_desc.class_room,
sg_classes.class_cat1,
sg_classes.class_cat2,
sg_classes.class_cat3,
sg_classes.class_id
FROM sg_class_desc
INNER JOIN sg_classes
ON sg_class_desc.class_id = sg_classes.class_id";
$query_limit_rs_all_classes = sprintf("%s LIMIT %d, %d",
$query_rs_all_classes,
$startRow_rs_all_classes,
$maxRows_rs_all_classes);
$rs_all_classes = mysql_query($query_limit_rs_all_classes, $conn_studiogear_mgr)
or die (mysql_error());
$row_rs_all_classes = mysql_fetch_assoc($rs_all_classes);
if (isset($_GET['totalRows_rs_all_classes'])) {
$totalRows_rs_all_classes = $_GET['totalRows_rs_all_classes'];
} else {
$all_rs_all_classes = mysql_query($query_rs_all_classes, $conn_studiogear_mgr);
$totalRows_rs_all_classes = mysql_num_rows($all_rs_all_classes);
}
$totalPages_rs_all_classes = ceil($totalRows_rs_all_classes/$maxRows_rs_all_classes)-1;
$_POST['class_id'] = $row_rs_all_classes['class_id'];
//without the following loop I return the first row and the second query works for the first row
// start loop when I use this loop, "Array" is echoed out and next query does not run
$classes = $row_rs_all_classes['class_id']; // from recordset above
foreach ($classes as $value) {
$ArrayClasses[] = "".$value ."";
echo $ArrayClasses; //
}
// end loop
$colname_rs_gear = "-1";
if (isset($_POST['class_id'])) {
$colname_rs_gear = $_POST['class_id'];
}
mysql_select_db($database_conn_prestashop, $conn_prestashop);
$query_rs_gear = sprintf("SELECT ps_product_lang.name,
ps_product.id_product,
ps_product.price,
ps_product.reference,
ps_product_lang.description_short,
ps_product_lang.description,
ps_supplier.name,
sg_class_gear.class_gear_image,
sg_class_gear.class_gear_product_link
FROM ps_product
INNER JOIN ps_product_lang
ON ps_product.id_product = ps_product_lang.id_product
INNER JOIN ps_supplier
ON ps_product.id_supplier = ps_supplier.id_supplier
INNER JOIN sg_class_gear
ON sg_class_gear.class_gear_pid = ps_product.id_product
WHERE ps_product.id_product = sg_class_gear.class_gear_pid
AND sg_class_gear.class_id = %s",
GetSQLValueString($colname_rs_gear, "int"));
$rs_gear = mysql_query($query_rs_gear, $conn_prestashop) or die(mysql_error());
$row_rs_gear = mysql_fetch_assoc($rs_gear);
$totalRows_rs_gear = mysql_num_rows($rs_gear);
Answer
1) You are vulnerable to SQL injection attacks.
2) You are using an obsolete database library (mysql_*) and should switch to mysqli or PDO.
3) The mysql_fetch_*() functions return a SINGLE row of data from the result set. Since you never call mysql_fetch_* in a loop for the initial query, you only ever get the first row of results. Your code should be
$result = mysql_query($first_query_sql);
while($row = mysql_fetch_assoc($result)) {      // one iteration per row of the first query
    $result2 = mysql_query($inner_query_sql);   // inner query built from the current $row
    while($row2 = ...) {                        // fetch every row of the inner result too
    }
}
+0
Thanks Marc B, I only posted the query, not the whole SQL, I do have injection...... thanks for the advice. The site is a bit outdated, it's what I have to work with. – Tony01 2014-10-08 17:46:57
'mysql_query' is an obsolete interface and should not be used in new applications; it will be removed in a future version of PHP. A modern replacement like [PDO is not hard to learn](http://net.tutsplus.com/tutorials/php/why-you-should-be-using-phps-pdo-for-database-access/). If you're new to PHP, a guide like [PHP The Right Way](http://www.phptherightway.com/) can help explain best practices. – tadman 2014-10-08 17:48:31
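The following is an added example, not code from the asker or the answerer, showing the nested fetch loop from the answer rewritten against PDO with prepared statements, so that the three points raised (injection, obsolete mysql_* library, fetching only one row) are addressed together. Table and column names are taken from the question; the DSN strings, credentials and the `supplier_name` alias are assumptions, and the second connection mirrors the question's separate `prestashop` database.

```php
<?php
// Added example (not the original post's code). DSN, user and password are placeholders.
$pdoOpts = [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // throw instead of silently returning false
    PDO::ATTR_EMULATE_PREPARES => false,                  // real server-side prepared statements
];
$pdoClasses = new PDO('mysql:host=localhost;dbname=studiogear_mgr;charset=utf8mb4', 'user', 'pass', $pdoOpts);
$pdoShop    = new PDO('mysql:host=localhost;dbname=prestashop;charset=utf8mb4',     'user', 'pass', $pdoOpts);

// Pagination input from the query string is cast to int and clamped before it reaches SQL.
$maxRows  = 50;
$pageNum  = isset($_GET['pageNum_rs_all_classes']) ? max(0, (int) $_GET['pageNum_rs_all_classes']) : 0;
$startRow = $pageNum * $maxRows;

// Outer query: one row per class. LIMIT values are bound as integers, never interpolated.
$classesStmt = $pdoClasses->prepare(
    'SELECT d.class_image, d.class_location, c.class_name, d.class_room,
            c.class_cat1, c.class_cat2, c.class_cat3, c.class_id
       FROM sg_class_desc d
       INNER JOIN sg_classes c ON d.class_id = c.class_id
      LIMIT :start, :max'
);
$classesStmt->bindValue(':start', $startRow, PDO::PARAM_INT);
$classesStmt->bindValue(':max',   $maxRows,  PDO::PARAM_INT);
$classesStmt->execute();

// Inner query is prepared once and executed per class with a bound class_id.
// The redundant WHERE p.id_product = g.class_gear_pid from the question is already
// expressed by the JOIN condition, so it is dropped here.
$gearStmt = $pdoShop->prepare(
    'SELECT pl.name, p.id_product, p.price, p.reference, pl.description_short,
            pl.description, s.name AS supplier_name,
            g.class_gear_image, g.class_gear_product_link
       FROM ps_product p
       INNER JOIN ps_product_lang pl ON p.id_product = pl.id_product
       INNER JOIN ps_supplier s      ON p.id_supplier = s.id_supplier
       INNER JOIN sg_class_gear g    ON g.class_gear_pid = p.id_product
      WHERE g.class_id = :class_id'
);

// This is the loop the question was missing: fetch EVERY class row, and for each
// one run the inner query with that row's class_id instead of going through $_POST.
while ($class = $classesStmt->fetch(PDO::FETCH_ASSOC)) {
    $gearStmt->execute([':class_id' => (int) $class['class_id']]);
    $gear = $gearStmt->fetchAll(PDO::FETCH_ASSOC);

    // Output is HTML-escaped because these values are rendered into a page.
    echo htmlspecialchars($class['class_name'], ENT_QUOTES, 'UTF-8')
        . ': ' . count($gear) . " item(s)\n";
    foreach ($gear as $item) {
        echo '  - ' . htmlspecialchars($item['name'], ENT_QUOTES, 'UTF-8')
            . ' (' . htmlspecialchars($item['supplier_name'], ENT_QUOTES, 'UTF-8') . ")\n";
    }
}
```

Two details worth noting: the question's inner SELECT returns both `ps_product_lang.name` and `ps_supplier.name`, and with an associative fetch the second `name` silently overwrites the first, which is why the supplier column is aliased above; and the total-row count the original code takes from `$_GET['totalRows_rs_all_classes']` is untrusted client input, so if it is needed it should be recomputed server-side with a `COUNT(*)` query rather than read from the URL.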